I CLAIM: 


1 . A redundant hub-spoke configuration for a virtual private LAN (VPN) of 
the type having a plurality of emulated LANs (ELANs), each connected at a 
provider edge (PE) node over a service provider network, comprising: 

a first hub node serving client equipment (CE) devices connected on a first 

ELAN, 

a spoke node serving CE devices on a second ELAN; 

a first point-to-point link L1 for interconnecting said hub node and said 
spoke node; and 

a second hub node interconnected with said first hub node, 

wherein whenever said first link L1 fails, said second hub node establishes 
communication with said spoke node over a second point-to-point link L2. 

2. The redundant hub-spoke configuration of claim 1 , wherein said 
second hub node operates as a spoke node of said hub node under normal 
operation conditions. 

3. The redundant hub-spoke configuration of claim 1, wherein said first 
hub node operates as a spoke node of said second hub node when said first hub 
node fails. 

4. The redundant hub-spoke configuration of claim 1 , wherein a first PE 
node interfacing said first hub with said service provider network monitors said 
first link L1 for detecting a failure at said hub node. 

5. The redundant hub-spoke configuration of claim 1 , wherein in case of a 
failure at said hub node, said first PE node signals to a third PE node interfacing 
said spoke node with said service provider network to establish a second point- 
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to-point link with said second hub node, and to re-map the traffic from said 
second hub node over said second point-to-point link. 

6. The redundant hub-spoke configuration of claim 1, wherein the access 
link between said spoke node and said third PE node is an aggregated bundle of 
links comprising a redundant link. 

7. The redundant hub-spoke configuration of claim 6, wherein connectivity 
between said third PE node and said spoke node is maintained when a link on 
said respective aggregated bundle is interrupted. 

8. The redundant hub-spoke configuration of claim 7, wherein the loss of 
a link in said aggregated bundle is transparent to said spoke node. 

9. In a hub-spoke configuration for a virtual private LAN (VPN) of the type 
having a plurality of emulated LANs (ELANs), each connected at a service 
provider edge (PE) node over an access link, a method for recovering the traffic 
in case of a failure, comprising: 

a) transmitting traffic from a first hub node to a spoke node over a first 
point-to-point link established between a first PE at said first hub node and a third 
PE at said spoke node; 

b) at said third PE, monitoring the traffic on said first link; 

c) responsive to a fault on said link, signaling said fault from said third PE 
to said first PE; and 

d) transmitting traffic form a second hub node to said spoke node over a 
second point-to-point link established between a second PE node at said second 
hub node and said third PE. 

10. The method of claim 9, wherein step a) comprises: 

at said first hub node, bridging the traffic destined to said spoke node 
towards said first PE; 
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at said first PE, tunneling the traffic received from said first hub node along 
said point-to-point connection to said third PE, 

at said third PE, mapping the traffic received over said point-to-point 
connection to said spoke node; and 

at said spoke node, bridging the traffic received from said third PE. 

1 1 . The method of claim 9, wherein step a) comprises: 

at said second hub node, bridging the traffic destined to said spoke node 
towards said third PE; 

at said second PE, tunneling the traffic received from said second hub 
node along said second point-to-point connection to said third PE, 

at said third PE, mapping the traffic received over said second point-to- 
point connection to said spoke node; and 

at said spoke node, bridging the traffic received from said third PE. 

12. The method of claim 9, wherein said step c) comprises using a LayeM 
signaling protocol. 

13. The method of claim 9, wherein said second hub node operates as a 
spoke node of said first hub node under normal operation conditions. 

14. The method of claim 9, wherein said first hub node operates as a 
spoke node of said second hub node when said hub node fails. 

15. The method of claim 9, wherein first and second point-to-point 
connections are point-to-point Ethernet tunnels. 

16. The method of claim 9, wherein the access link between said third PE 
and said spoke is an aggregated bundle of links comprising a redundant link. 


28 


17. The method of claim 16, wherein connectivity between third PE node 
and said spoke node is maintained when a link on said aggregated bundle is 
interrupted. 

18. The method of claim 17, wherein the loss of a link in said aggregated 
bundle is transparent to said spoke node. 

19. A method of providing a multipoint emulated LAN connecting a 
plurality of sites with site-to-site bandwidth guarantees, comprising: 

configuring a second customer located equipment PLE to perform 
multipoint switching of the traffic in a first VC/tunnel established between a first 
site and said second site, to one of a second or a third site, based on the MAC 
address; 

configuring a first CLE to operate as a spoke of said first CLE to perform 
point-to-point switching of said first VC/tunnel, and of a second VC/tunnel 
established between said third site and said second site; and 

allocating a first bandwidth to said first VC/tunnel and a second bandwidth 
to said second VC/tunnel and rate limiting traffic in each said first VC/tunnel and 
said second VC/tunnel to said respective allocated bandwidth. 

20. In a virtual private LAN (VPL) of the type having a plurality of 
emulated LANs, each emulated LAN comprising an access device connected to 
a service provider edge PE node along an access link identified by a data link 
connection identifier, and a first PE is interconnected with a second PE along a 
point-to-point link, a method of establishing a hybrid connection between a first 
customer equipment CE device on said VPL and a second CE device that 
operates according to a different communication protocol, said method 
comprising: 

a) at said second CE device, performing bridged encapsulation of the 
traffic and transmitting a second type protocol data unit (PDU) over a second 
access link to a second provider edge (PE) node; 
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b) at said second PE node, decapsulating traffic form said PDU, and 
transmitting the traffic into a service provider type PDU over a dedicated point-to- 
point tunnel across said service provider network to a first PE node; 

c) at said first PE node, decapsuating the traffic from said service provider 
PDU, converting it to a first type PDU and transmitting said PDU to a first access 
device over a first access linkr 

d) at said first access device, bridging said PDU to said first CE device. 

21 . The method of claim 20, wherein said first access link is differentiated 
at said first access device by a dedicated first data link connection identifier 
DCLI, and said second access link is differentiated at said second PE node by a 
dedicated second DCLI. 

22. In a VPL of the type having a plurality of emulated LANs, each 
emulated LAN comprising an access link to a service provider edge PE node 
identified by a data link connection identifier, a method of establishing a hybrid 
connection between a first customer equipment CE device on said VPL and a 
second CE device that operates according to a different communication protocol, 
said method comprising: 

a) at said first CE device, bridging a first type PDU to a first PE node over 
a first access link; 

c) at said first PE node, decapsulating traffic from said first type PDU, 
encapsulating the traffic into a service provider type PDU and transporting it over 
a dedicated point-to-point tunnel across said sen/ice provider network to a 
second PE node; and 

d) at said second PE, decapsulating traffic from said service-provider 
PDU, performing bridged encapsulation of the traffic in a second type PDU and 
sending it to said second CE device over a second access link. 

23. The method of claim 22, wherein said first access link and said 
second access link of said hybrid connection are distinct from access links for a 
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homogeneous connections between any CE devices operating according to said 
first communication protocol. 

24. The method of claim 22, where said first communication protocol is 
Ethernet and said second communication protocol is one of Frame Relay and 
ATM. 

25. The method of claim 22, wherein said second type PDU is an FR 
frame or an ATM cell, and said service provider type PDU is an IP packet of an 
IP Layer2 Transport type. 

26. The method of claim 24, wherein step c) comprises: 

provisioning the network address of said second CE device at said first PE 

node; 

at said first CE, sending an ARP request to said first PE node for the IP 
destination address of said second CE device, 

receiving the MAC address of said PE node if said second device is 
connected to said second PE node. 

27. The method of claim 25, wherein said second PE device uses Inverse 
ARP capabilities to discover the network address of said second CE device. 

28. The method of claim 25, wherein said first PE node uses signaling to 
provide said first CE device with the network address of said second CE device. 

29. In a VPL of the type having a plurality of emulated LANs, each 
emulated LAN comprising an access link to a service provider edge PE node 
identified by a data link connection identifier, a method of establishing a hybrid 
connection between a first customer equipment CE device on said VPL and a 
second CE device that operates according to a different communication protocol, 
said method comprising: 
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a) at said second CE device, performing routed encapsulation of traffic 
into a second type PDU and transmitting said second type PDU to a second PE 
node over a second access link; 

b) at said second PE node, decapsulating traffic from said second type 
PDU, encapsulating the traffic into a subscriber network type PDU and 
transmitting it over a dedicated point-to-point tunnel to a first PE node; 

c) at said first PE node, decapsulating the traffic received over said 
dedicated point-to-point tunnel, encapsulating it into a first-type PDU, and 
sending first-type PDU to an access device over a second access link; and 

at said access device, bridging said PDU to said first CE device. 

30. The method of claim 29, wherein said first CE device is an IP router 
and said second device is a FR or ATM router. 

31 . The method of claim 30, wherein step c) comprises 

sending from said first PE node a proxy ARP request to said first access 
device over said first access link; 

receiving in a response ARP request the MAC address corresponding to 
the IP address of said first-type PDU; and 

transmitting said first-type PDU to said first CE device based on said MAC 
address. 

32. The method of claim 31, further comprising caching said MAC 
address at said first PE node. 

33. The method of claim 31 , wherein if said first CE device is on an 
emulated LAN served by said second PE node, said first CE device sends said 
response ARP directly to said second PE device. 
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34. The method of claim 29, wherein said first CE device is an IP router 
enabled with an IRDP protocol (Internet Control Message Protocol Router 
Discovery Protocol) and said second device is a FR or ATM router. 

35. The method of claim 34, wherein step c) comprises: listening at said 
first PE node for advertisement messages issued by said first CE on said first 
access link; discovering the MAC address of said first CE device and transmitting 
said first-type PDU to said first CE device based on said MAC address. 

36. The method of claim 35, further comprising caching said MAC 
address at said first PE node. 

37. The method of claim 34, wherein when said MAC address identifies a 
non-optimal router, step c) further comprises sending a redirect message to said 
second PE with the address of said optimal router so that subsequent PDUs are 
sent to optimal router. 
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